Techniques
Sample rules
Ollama Possible Model Exfiltration Data Leakage
- source: splunk
- techniques:
- T1048
Description
Detects possible data leakage and exfiltration attempts against Ollama model metadata and configuration endpoints. Adversaries repeatedly query /api/show, /api/tags, and /api/v1/models to systematically extract model information such as architecture details, fine-tuning parameters, system paths, Modelfile configurations, and proprietary customizations. Multiple inspection attempts within a 15-minute window may indicate automated exfiltration of intellectual property such as custom model configurations, system prompts, and internal model specifications. This activity represents unauthorized data disclosure that could enable competitive intelligence gathering, model replication, or preparation for further attacks against the AI infrastructure. Note that the search below does not filter on these paths: it keeps every request whose logged response time exceeds 55 seconds and then counts those requests per source and URI path in 15-minute buckets, so the endpoint list above describes intent rather than a condition the search enforces.
Detection logic
`ollama_server`
| rex field=_raw "\|\s+(?<status_code>\d+)\s+\|\s+(?<response_time>[\d\.]+)s\s+\|\s+(?<src_ip>[\:\da-f\.]+)\s+\|\s+(?<http_method>\w+)\s+\"(?<uri_path>[^\"]+)\""
| eval src=src_ip
| eval dest=uri_path
| where response_time > 55
| bin _time span=15m
| stats count, avg(response_time) as avg_response_time, max(response_time) as max_response_time by _time, src, dest, uri_path
| eval avg_response_time=round(avg_response_time, 2)
| eval max_response_time=round(max_response_time, 2)
| eval severity=case( avg_response_time > 50, "high", avg_response_time > 40, "medium", 1=1, "low" )
| eval attack_type="Potential Data Exfiltration"
| sort -_time
| stats count by _time, src, uri_path, avg_response_time, max_response_time, severity, attack_type
| `ollama_possible_model_exfiltration_data_leakage_filter`
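The following Python is added here as an editor's worked example; it is not part of the Splunk rule or of the Ollama project. It replays the search's field extraction, threshold, 15-minute bucketing and severity logic over a handful of constructed log lines in the gin access-log format that Ollama's HTTP server writes. It assumes that Splunk's `_time` is taken from the bracketed `[GIN]` timestamp (the rule's own rex does not parse it, so a second regex stands in for Splunk's timestamp extraction). Running it makes two properties of the search visible that a practitioner should check before deploying it: the `response_time` capture `[\d\.]+s` only matches latencies printed as a plain number of seconds, so sub-second entries written in ms or µs and entries of a minute or more, which Go's duration formatting prints with an `m` component such as `1m2s`, never reach the `where` clause; and because every surviving row already has `response_time > 55`, the `case()` can only ever yield `high`.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# The rule's rex pattern, translated from Splunk's double-quoted string into a raw
# Python regex (Splunk's \" becomes a plain ").
GIN_LINE = re.compile(
    r'\|\s+(?P<status_code>\d+)\s+\|\s+(?P<response_time>[\d\.]+)s\s+\|\s+'
    r'(?P<src_ip>[\:\da-f\.]+)\s+\|\s+(?P<http_method>\w+)\s+"(?P<uri_path>[^"]+)"'
)
# Assumed source of _time: the timestamp prefix written by gin's default logger.
# The rule itself relies on Splunk's timestamp extraction, which this stands in for.
GIN_TS = re.compile(r"\[GIN\]\s+(\d{4}/\d{2}/\d{2} - \d{2}:\d{2}:\d{2})")

# Constructed sample log lines in gin's format; none of this is real traffic.
# 203.0.113.7 hits metadata endpoints with slow responses; 10.0.0.5 is mostly benign.
SAMPLE_LOG = """\
[GIN] 2025/01/15 - 10:00:01 | 200 |  58.123456s |     203.0.113.7 | POST     "/api/show"
[GIN] 2025/01/15 - 10:00:03 | 200 |  61.004321s |     203.0.113.7 | POST     "/api/show"
[GIN] 2025/01/15 - 10:02:10 | 200 |  57.500000s |     203.0.113.7 | GET      "/api/tags"
[GIN] 2025/01/15 - 10:05:00 | 200 |  12.900000s |     203.0.113.7 | POST     "/api/show"
[GIN] 2025/01/15 - 10:05:30 | 200 |    1.2345ms |        10.0.0.5 | GET      "/api/tags"
[GIN] 2025/01/15 - 10:06:00 | 200 |        1m2s |     203.0.113.7 | POST     "/api/generate"
[GIN] 2025/01/15 - 10:20:00 | 200 |  56.000000s |        10.0.0.5 | GET      "/api/tags"
"""


def parse_line(line):
    """Apply the rule's rex to one line; return the extracted fields or None."""
    m = GIN_LINE.search(line)
    ts = GIN_TS.search(line)
    if m is None or ts is None:
        return None
    fields = m.groupdict()
    fields["status_code"] = int(fields["status_code"])
    fields["response_time"] = float(fields["response_time"])
    fields["_time"] = datetime.strptime(ts.group(1), "%Y/%m/%d - %H:%M:%S").replace(tzinfo=timezone.utc)
    return fields


def unmatched_lines(log_text):
    """Lines the rex silently drops: any latency not printed as '<number>s'."""
    return [ln for ln in log_text.splitlines() if ln and GIN_LINE.search(ln) is None]


def severity(avg_response_time):
    # | eval severity=case(avg_response_time > 50, "high", avg_response_time > 40, "medium", 1=1, "low")
    if avg_response_time > 50:
        return "high"
    if avg_response_time > 40:
        return "medium"
    return "low"


def detect(log_text, threshold=55.0, span_minutes=15):
    """Replicates: where response_time > 55 | bin _time span=15m | stats ... by _time, src, uri_path."""
    events = [f for f in map(parse_line, log_text.splitlines()) if f is not None]
    slow = [e for e in events if e["response_time"] > threshold]        # | where response_time > 55
    buckets = defaultdict(list)
    for e in slow:
        epoch = int(e["_time"].timestamp())
        start = epoch - epoch % (span_minutes * 60)                      # | bin _time span=15m
        buckets[(start, e["src_ip"], e["uri_path"])].append(e["response_time"])
    rows = []
    # Newest bucket first (| sort -_time); Python's sort is stable, so rows within a
    # bucket keep their first-seen order.
    for (start, src, uri), times in sorted(buckets.items(), key=lambda kv: kv[0][0], reverse=True):
        avg = round(sum(times) / len(times), 2)
        rows.append({
            "_time": datetime.fromtimestamp(start, tz=timezone.utc).strftime("%Y-%m-%d %H:%M"),
            "src": src,
            "uri_path": uri,
            "count": len(times),
            "avg_response_time": avg,
            "max_response_time": round(max(times), 2),
            "severity": severity(avg),
            "attack_type": "Potential Data Exfiltration",
        })
    return rows


if __name__ == "__main__":
    for row in detect(SAMPLE_LOG):
        print(row)
    print("dropped by rex:", unmatched_lines(SAMPLE_LOG))
```

With the constructed input the search yields three rows, all with severity `high`: two for 203.0.113.7 in the 10:00 bucket (two slow `/api/show` calls and one slow `/api/tags` call) and one for 10.0.0.5 in the 10:15 bucket. The 12.9 s `/api/show` request is parsed but dropped by the threshold, and the millisecond and `1m2s` lines never match the rex at all, so a metadata sweep that returns quickly, or a request that takes more than a minute, is invisible to this search as written. If the intent stated in the description is what you want to catch, add a `uri_path` filter for the metadata endpoints and count requests per source rather than gating on response time alone.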